diff --git a/heartbeat/oracle b/heartbeat/oracle index 5ecc2f3..c629eb6 100755 --- a/heartbeat/oracle +++ b/heartbeat/oracle @@ -27,6 +27,9 @@ # OCF_RESKEY_ipcrm (optional; defaults to "instance") # OCF_RESKEY_clear_backupmode (optional; default to "false") # OCF_RESKEY_shutdown_method (optional; default to "checkpoint/abort") +# OCF_RESKEY_monuser (optional; defaults to "OCFMON") +# OCF_RESKEY_monpassword (optional; defaults to "OCFMON") +# OCF_RESKEY_monprofile (optional; defaults to "OCFMONPROFILE") # # Initialization: @@ -56,6 +59,11 @@ oracle_usage() { ! } +# Defaults +OCF_RESKEY_monuser_default="OCFMON" +OCF_RESKEY_monpassword_default="OCFMON" +OCF_RESKEY_monprofile_default="OCFMONPROFILE" + oracle_meta_data() { cat < @@ -100,6 +108,39 @@ If this does not work for you, just set it explicitely. + + +Monitoring user name. Every connection as +sysdba is logged in an audit log. This can +result in a large number of new files created. +A new user is created (if it doesn't exist) in +the start action and subsequently used in monitor. +It should have very limited rights. Make sure +that the password for this user does not expire. + +monuser + + + + + +Password for the monitoring user. Make sure +that the password for this user does not expire. + +monpassword + + + + + +Profile used by the monitoring user. If the +profile does not exist, it will be created +with a non-expiring password. + +monprofile + + + Sometimes IPC objects (shared memory segments and semaphores) @@ -216,7 +257,7 @@ execsql() { if [ "$US" = "$ORACLE_OWNER" ]; then sqlplus -S /nolog else - su - $ORACLE_OWNER -c ". $ORA_ENVF; sqlplus -S /nolog" + su - $ORACLE_OWNER -s /bin/sh -c ". $ORA_ENVF; sqlplus -S /nolog" fi } @@ -250,7 +291,7 @@ dbasql() { runsql "connect / as sysdba" $* } monsql() { - runsql "connect $MONUSR/$MONUSR" $* + runsql "connect $MONUSR/\"$MONPWD\"" $* } # use dbasql_one if the query should result in a single line output # at times people stuff commands in oracle .profile @@ -325,22 +366,73 @@ getipc() { echo "oradebug tracefile_name" echo "oradebug ipc" } +show_mon_profile() { + echo "select PROFILE from dba_profiles where PROFILE='$MONPROFILE';" +} +mk_mon_profile() { + cat</dev/null && + output=`dbasql show_mon_profile` + if echo "$output" | grep -iw "^$MONPROFILE" >/dev/null; then return 0 + fi + output=`dbasql mk_mon_profile show_mon_profile` + if echo "$output" | grep -iw "^$MONPROFILE" >/dev/null; then + return 0 + else + ocf_log err "could not create $MONPROFILE oracle profile" + ocf_log err "sqlplus output: $output" + return 1 + fi +} +check_mon_user() { + local output + local output2 + + output=`dbasql show_mon_user` + if echo "$output" | grep -iw "^$MONUSR" >/dev/null; then + if echo "$output" | grep -w "EXPIRED" >/dev/null; then + dbasql reset_mon_user_password + fi + output=`dbasql show_mon_user_profile` + if echo "$output" | grep -iw "^$MONPROFILE" >/dev/null; then + return 0 + else + output=`dbasql set_mon_user_profile` + output2=`dbasql show_mon_user_profile` + if echo "$output2" | grep -iw "^$MONPROFILE" >/dev/null; then + return 0 + fi + ocf_log err "could not set profile for $MONUSR oracle user" + ocf_log err "sqlplus output: $output( $output2 )" + return 1 + fi + fi output=`dbasql mk_mon_user show_mon_user` - if echo "$output" | grep -w "^$MONUSR" >/dev/null; then + if echo "$output" | grep -iw "^$MONUSR" >/dev/null; then return 0 else ocf_log err "could not create $MONUSR oracle user" @@ -417,7 +509,7 @@ ipcdesc() { } rmipc() { local what=$1 id=$2 - ipcs -$what | filteroraipc | grep -w $id >/dev/null 2>&1 || + ipcs -$what | filteroraipc | grep -iw $id >/dev/null 2>&1 || return ocf_log info "Removing `ipcdesc $what` $id." ipcrm -$what $id @@ -447,6 +539,8 @@ is_proc_running() { # instance in OPEN state? instance_live() { local status=`monsql_one dbstat` + [ "$status" = OPEN ] && return 0 + status=`dbasql_one dbstat` if [ "$status" = OPEN ]; then return 0 else @@ -473,7 +567,7 @@ ora_cleanup() { } oracle_getconfig() { - ora_common_getconfig "$OCF_RESKEY_sid" "$OCF_RESKEY_home" "$OCF_RESKEY_user" "$OCF_RESKEY_tns_admin" + ora_common_getconfig "$OCF_RESKEY_sid" "$OCF_RESKEY_home" "$OCF_RESKEY_user" clear_backupmode=${OCF_RESKEY_clear_backupmode:-"false"} shutdown_method=${OCF_RESKEY_shutdown_method:-"checkpoint/abort"} @@ -493,7 +587,7 @@ oracle_getconfig() { oracle_start() { local status output if is_proc_running; then - status="`monsql_one dbstat`" + status="`dbasql_one dbstat`" case "$status" in "OPEN") : nothing to be done, we can leave right now @@ -541,6 +635,11 @@ oracle_start() { fi output=`dbasql dbopen` + # check/create the monitor profile + if ! check_mon_profile; then + return $OCF_ERR_GENERIC + fi + # check/create the monitor user if ! check_mon_user; then return $OCF_ERR_GENERIC @@ -650,7 +749,12 @@ show_procs() { proc_pids() { show_procs | awk '{print $1}'; } PROCS_CLEANUP_TIME="30" -MONUSR="OCFMON" +MONUSR=${OCF_RESKEY_monuser:-$OCF_RESKEY_monuser_default} +MONPWD=${OCF_RESKEY_monpassword:-$OCF_RESKEY_monpassword_default} +MONPROFILE=${OCF_RESKEY_monprofile_default:-$OCF_RESKEY_monprofile_default} + +MONUSR=$(echo $MONUSR | awk '{print toupper($0)}') +MONPROFILE=$(echo $MONPROFILE | awk '{print toupper($0)}') OCF_REQUIRED_PARAMS="sid" OCF_REQUIRED_BINARIES="sqlplus" ocf_rarun $* diff --git a/heartbeat/oralsnr b/heartbeat/oralsnr index 2409017..a91eeab 100755 --- a/heartbeat/oralsnr +++ b/heartbeat/oralsnr @@ -158,7 +158,7 @@ runasdba() { ( echo ". $ORA_ENVF" cat - ) | su - $ORACLE_OWNER + ) | su -s $SH - $ORACLE_OWNER fi } @@ -268,7 +268,7 @@ oralsnr_validate_all() { # used in ora-common.sh show_procs() { ps -e -o pid,user,args | - grep '[t]nslsnr' | grep -w "$listener" | grep -w "$ORACLE_OWNER" + grep '[t]nslsnr' | grep -i -w "$listener" | grep -w "$ORACLE_OWNER" } proc_pids() { show_procs | awk '{print $1}'; } PROCS_CLEANUP_TIME="10"